Infinite loop on corrupt pnm images

Post by mariagullickson »

I found my code hanging forever trying to read a .pgm image file. The image file turned out to be corrupt, so it wouldn't have been able to read it, but the hanging was really a problem. I tracked it down to coders/pnm.c. (I am using ImageMagick 6.2.8 on Linux, though I was able to reproduce the bug in 6.3.0 also, so it is still there.)

According to the docs at http://netpbm.sourceforge.net/doc/#formats, the largest allowable max_value is 65535, but this isn't being checked in the code. I had a value that was 2^32-1, and the below loop in ReadPNMImage, line 408 of coders/pnm.c, was going on forever:

for (image->depth=1; (1UL << image->depth) < max_value; image->depth++);

I preceded this line by the following check and it seemed to clear up the problem:

if (max_value >= 65536)
  ThrowReaderException(CorruptImageError,"MaxPixelValueTooLarge");

Just wanted to pass this on, so someone can check that this is right and put it back into the codebase. Thanks.
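
An added example, not part of the original post and not ImageMagick's code: a minimal P5 header check that rejects an out-of-range maxval before the depth loop quoted above runs. The function names and the 1,000,000 dimension cap are assumptions, and the headers in main are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define PNM_MAX_MAXVAL 65535UL /* largest maxval the Netpbm docs allow */

/* Hypothetical helper: parse one decimal header field, skipping whitespace
   and '#' comments. Returns -1 on a missing field or a value above `limit`;
   the per-digit check keeps the accumulator from wrapping (limit is small). */
static int pnm_field(const char *b, size_t n, size_t *pos,
                     unsigned long limit, unsigned long *out)
{
    size_t i = *pos, start;
    unsigned long v = 0;
    while (i < n && (isspace((unsigned char)b[i]) || b[i] == '#'))
        if (b[i++] == '#')
            while (i < n && b[i] != '\n') i++;
    for (start = i; i < n && isdigit((unsigned char)b[i]); i++) {
        v = v * 10 + (unsigned long)(b[i] - '0');
        if (v > limit) return -1;
    }
    if (i == start) return -1;
    *pos = i; *out = v;
    return 0;
}

/* Bit depth (1..16) for a binary PGM (P5) header, or -1 if it is corrupt. */
int pgm_depth(const char *b, size_t n)
{
    unsigned long w, h, maxval;
    size_t pos = 2;
    int depth;
    if (n < 2 || b[0] != 'P' || b[1] != '5') return -1;
    if (pnm_field(b, n, &pos, 1000000UL, &w) || w == 0) return -1; /* assumed cap */
    if (pnm_field(b, n, &pos, 1000000UL, &h) || h == 0) return -1;
    if (pnm_field(b, n, &pos, PNM_MAX_MAXVAL, &maxval) || maxval == 0) return -1;
    /* Loop condition as quoted in the post; maxval <= 65535 plus the explicit
       bound keep the shift count well below the width of unsigned long. */
    for (depth = 1; depth < 16 && (1UL << depth) < maxval; depth++) {}
    return depth;
}

int main(void)
{
    const char *ok = "P5\n# sample\n2 2\n255\n";  /* constructed: valid 8-bit */
    const char *bad = "P5\n2 2\n4294967295\n";    /* constructed: maxval 2^32-1 */
    printf("%d %d\n", pgm_depth(ok, strlen(ok)), pgm_depth(bad, strlen(bad)));
    return 0;
}
```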

Post by magick »

We added your patch to ImageMagick 6.3.0-1 Beta, available sometime tomorrow. Thanks.

Post by mariagullickson »

Cool. Thanks!
